It was discovered by some anon on /g/ that the CAPTCHA challenge becomes more difficult if you log out of your Google account.

+

As part of their new spam detection algorithms, Google will serve considerably more difficult CAPTCHAs to users who aren't logged in to a Google account. These harder CAPTCHAs offer zero tolerance on typing mistakes, forcing you to type both test words correctly, much to the bane of most 4chan users, who tend to enter gibberish for the OCR word.

+

+

This happens when a certain API key requests too many CAPTCHAs in a certain time frame that go unsolved, as is the case with 4chan, since every pageload requests a new CAPTCHA from Google's servers. Moot has since fixed this behavior to only request the CAPTCHA when you type in to the comment box, but he was quickly crucified for it, and people quickly pushed dirty Javascript hacks to change it back.

+

[[Category:Software]]

[[Category:Software]]

Revision as of 05:45, 15 March 2014

A properly filled-out ReCAPTCHA.

reCAPTCHA is a service run by Google to both help digitise books, and prevent bots from spamming. It is used on 4chan to prevent bots from spamming posts or reports.

reCAPTCHA is not a silver bullet. Any sufficiently dedicated spammer can just hire some people from a poor country to fill out CAPTCHA problems for a few cents each. That being said, it's reasonably effective on most websites.

How it works

Diagram of how reCAPTCHA works

The user loads the web page with the reCAPTCHA challenge JavaScript embedded.

The user's browser requests a challenge (an image with distorted text) from reCAPTCHA. reCAPTCHA gives the user a challenge and a token that identifies the challenge.

The user fills out the web page form, and submits the result to your application server, along with the challenge token.

reCAPTCHA checks the user's answer, and gives you back a response.

If true, generally you will allow the user access to some service or information. E.g. allow them to comment on a forum, register for a wiki, or get access to an email address. If false, you can allow the user to try again.

Controversy

As part of their new spam detection algorithms, Google will serve considerably more difficult CAPTCHAs to users who aren't logged in to a Google account. These harder CAPTCHAs offer zero tolerance on typing mistakes, forcing you to type both test words correctly, much to the bane of most 4chan users, who tend to enter gibberish for the OCR word.

This happens when a certain API key requests too many CAPTCHAs in a certain time frame that go unsolved, as is the case with 4chan, since every pageload requests a new CAPTCHA from Google's servers. Moot has since fixed this behavior to only request the CAPTCHA when you type in to the comment box, but he was quickly crucified for it, and people quickly pushed dirty Javascript hacks to change it back.